Analysis
max time kernel: 150s
max time network: 118s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
submitted: 12-06-2024 11:36
Behavioral task: behavioral1
Sample: 36faa0694618e2199e63379197481860_NeikiAnalytics.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 36faa0694618e2199e63379197481860_NeikiAnalytics.exe
Resource: win10v2004-20240611-en
General
Target: 36faa0694618e2199e63379197481860_NeikiAnalytics.exe
Size: 118KB
MD5: 36faa0694618e2199e63379197481860
SHA1: 2001c20e6c9c5713292ddfa108312550e32c607a
SHA256: c16e290fddb1a1d05ab9c4e9ac55ba79ccb577081cde659082316ac6993445f0
SHA512: 1274ed9b1bd7972d2baad3785a77beefc58f1e8f8d9bd805224f417c6bd5596eb0e6966a6e6365dc5e71d7119f6e369c5aff144c10eaff5ea866d5e7ff4973f6
SSDEEP: 1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hflik:hfAIuZAIuYSMjoqtMHfhflixih
Malware Config
Signatures
-
Renames multiple (3456) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Processes:
resource | yara_rule
behavioral1/memory/948-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp | upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp | upx
behavioral1/memory/948-86-0x0000000000400000-0x000000000040A000-memory.dmp | upx
-
Drops file in Program Files directory (64 IoCs)
Downloads
Filesize: 118KB
MD5: ffbfac208b6c656ae5fc1a4c6fdd26fe
SHA1: e023915723a7d51822fc6ace76b827f6cb44b969
SHA256: b850aaf80dd725c79446a934f2999c245e6d63e064e3f9fc78a8385a8a58fa71
SHA512: 006302e37415fdaefddc601ffad0f6b531e4d0ab7a6c6e44a29df3fdb62054ded4825ffeb932e502fef9b351874c878d6c4d2ab041a7d7c7fd0a7a3cf41e0005

Filesize: 127KB
MD5: e9bc7469bbb97f09593224ccb570c114
SHA1: d5a8a0093e586f1d92bd93e2bfd5b7b88bf16bbb
SHA256: 513a0ecfbbbca3c53924822dc92ad969c80e5af267f511523fdccaa4e8463324
SHA512: c90a4c8c424e88b2d1ee1f79e300dfca4b4ac2fc128cbe06edaf241051ee211936ad1c9ccaa9803ebc4ac64694fb3b223c04cd6e78e2bdf33076f4dac84be5ac